googleauth 0.14.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (80) hide show
  1. checksums.yaml +4 -4
  2. data/.yardopts +11 -0
  3. data/CHANGELOG.md +72 -10
  4. data/README.md +48 -13
  5. data/SECURITY.md +7 -0
  6. data/lib/googleauth/application_default.rb +10 -25
  7. data/lib/googleauth/client_id.rb +10 -25
  8. data/lib/googleauth/compute_engine.rb +16 -30
  9. data/lib/googleauth/credentials.rb +178 -74
  10. data/lib/googleauth/credentials_loader.rb +23 -44
  11. data/lib/googleauth/default_credentials.rb +10 -25
  12. data/lib/googleauth/iam.rb +11 -26
  13. data/lib/googleauth/id_tokens/errors.rb +9 -23
  14. data/lib/googleauth/id_tokens/key_sources.rb +26 -38
  15. data/lib/googleauth/id_tokens/verifier.rb +16 -32
  16. data/lib/googleauth/id_tokens.rb +9 -23
  17. data/lib/googleauth/json_key_reader.rb +10 -25
  18. data/lib/googleauth/scope_util.rb +11 -26
  19. data/lib/googleauth/service_account.rb +60 -59
  20. data/lib/googleauth/signet.rb +22 -28
  21. data/lib/googleauth/stores/file_token_store.rb +11 -25
  22. data/lib/googleauth/stores/redis_token_store.rb +11 -25
  23. data/lib/googleauth/token_store.rb +10 -25
  24. data/lib/googleauth/user_authorizer.rb +10 -25
  25. data/lib/googleauth/user_refresh.rb +15 -27
  26. data/lib/googleauth/version.rb +11 -26
  27. data/lib/googleauth/web_user_authorizer.rb +14 -32
  28. data/lib/googleauth.rb +10 -25
  29. metadata +26 -97
  30. data/.github/CODEOWNERS +0 -7
  31. data/.github/CONTRIBUTING.md +0 -74
  32. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -36
  33. data/.github/ISSUE_TEMPLATE/feature_request.md +0 -21
  34. data/.github/ISSUE_TEMPLATE/support_request.md +0 -7
  35. data/.gitignore +0 -36
  36. data/.kokoro/build.bat +0 -16
  37. data/.kokoro/build.sh +0 -4
  38. data/.kokoro/continuous/common.cfg +0 -24
  39. data/.kokoro/continuous/linux.cfg +0 -25
  40. data/.kokoro/continuous/osx.cfg +0 -8
  41. data/.kokoro/continuous/post.cfg +0 -30
  42. data/.kokoro/continuous/windows.cfg +0 -29
  43. data/.kokoro/osx.sh +0 -4
  44. data/.kokoro/presubmit/common.cfg +0 -24
  45. data/.kokoro/presubmit/linux.cfg +0 -24
  46. data/.kokoro/presubmit/osx.cfg +0 -8
  47. data/.kokoro/presubmit/windows.cfg +0 -29
  48. data/.kokoro/release.cfg +0 -94
  49. data/.kokoro/trampoline.bat +0 -10
  50. data/.kokoro/trampoline.sh +0 -4
  51. data/.repo-metadata.json +0 -5
  52. data/.rspec +0 -2
  53. data/.rubocop.yml +0 -19
  54. data/Gemfile +0 -30
  55. data/Rakefile +0 -132
  56. data/googleauth.gemspec +0 -38
  57. data/integration/helper.rb +0 -31
  58. data/integration/id_tokens/key_source_test.rb +0 -74
  59. data/rakelib/devsite_builder.rb +0 -45
  60. data/rakelib/link_checker.rb +0 -64
  61. data/rakelib/repo_metadata.rb +0 -59
  62. data/spec/googleauth/apply_auth_examples.rb +0 -171
  63. data/spec/googleauth/client_id_spec.rb +0 -160
  64. data/spec/googleauth/compute_engine_spec.rb +0 -160
  65. data/spec/googleauth/credentials_spec.rb +0 -478
  66. data/spec/googleauth/get_application_default_spec.rb +0 -286
  67. data/spec/googleauth/iam_spec.rb +0 -80
  68. data/spec/googleauth/scope_util_spec.rb +0 -77
  69. data/spec/googleauth/service_account_spec.rb +0 -489
  70. data/spec/googleauth/signet_spec.rb +0 -142
  71. data/spec/googleauth/stores/file_token_store_spec.rb +0 -57
  72. data/spec/googleauth/stores/redis_token_store_spec.rb +0 -50
  73. data/spec/googleauth/stores/store_examples.rb +0 -58
  74. data/spec/googleauth/user_authorizer_spec.rb +0 -343
  75. data/spec/googleauth/user_refresh_spec.rb +0 -359
  76. data/spec/googleauth/web_user_authorizer_spec.rb +0 -172
  77. data/spec/spec_helper.rb +0 -92
  78. data/test/helper.rb +0 -33
  79. data/test/id_tokens/key_sources_test.rb +0 -240
  80. data/test/id_tokens/verifier_test.rb +0 -269
@@ -1,478 +0,0 @@
1
- # Copyright 2017, Google Inc.
2
- # All rights reserved.
3
- #
4
- # Redistribution and use in source and binary forms, with or without
5
- # modification, are permitted provided that the following conditions are
6
- # met:
7
- #
8
- # * Redistributions of source code must retain the above copyright
9
- # notice, this list of conditions and the following disclaimer.
10
- # * Redistributions in binary form must reproduce the above
11
- # copyright notice, this list of conditions and the following disclaimer
12
- # in the documentation and/or other materials provided with the
13
- # distribution.
14
- # * Neither the name of Google Inc. nor the names of its
15
- # contributors may be used to endorse or promote products derived from
16
- # this software without specific prior written permission.
17
- #
18
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
-
30
- require "googleauth"
31
-
32
-
33
- # This test is testing the private class Google::Auth::Credentials. We want to
34
- # make sure that the passed in scope propogates to the Signet object. This means
35
- # testing the private API, which is generally frowned on.
36
- describe Google::Auth::Credentials, :private do
37
- let :default_keyfile_hash do
38
- {
39
- "private_key_id" => "testabc1234567890xyz",
40
- "private_key" => "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAOyi0Hy1l4Ym2m2o71Q0TF4O9E81isZEsX0bb+Bqz1SXEaSxLiXM\nUZE8wu0eEXivXuZg6QVCW/5l+f2+9UPrdNUCAwEAAQJAJkqubA/Chj3RSL92guy3\nktzeodarLyw8gF8pOmpuRGSiEo/OLTeRUMKKD1/kX4f9sxf3qDhB4e7dulXR1co/\nIQIhAPx8kMW4XTTL6lJYd2K5GrH8uBMp8qL5ya3/XHrBgw3dAiEA7+3Iw3ULTn2I\n1J34WlJ2D5fbzMzB4FAHUNEV7Ys3f1kCIQDtUahCMChrl7+H5t9QS+xrn77lRGhs\nB50pjvy95WXpgQIhAI2joW6JzTfz8fAapb+kiJ/h9Vcs1ZN3iyoRlNFb61JZAiA8\nNy5NyNrMVwtB/lfJf1dAK/p/Bwd8LZLtgM6PapRfgw==\n-----END RSA PRIVATE KEY-----\n",
41
- "client_email" => "credz-testabc1234567890xyz@developer.gserviceaccount.com",
42
- "client_id" => "credz-testabc1234567890xyz.apps.googleusercontent.com",
43
- "type" => "service_account",
44
- "project_id" => "a_project_id",
45
- "quota_project_id" => "b_project_id"
46
- }
47
- end
48
-
49
- it "uses a default scope" do
50
- mocked_signet = double "Signet::OAuth2::Client"
51
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
52
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
53
- allow(mocked_signet).to receive(:client_id)
54
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
55
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
56
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
57
- expect(options[:scope]).to eq([])
58
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
59
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
60
-
61
- mocked_signet
62
- end
63
-
64
- Google::Auth::Credentials.new default_keyfile_hash
65
- end
66
-
67
- it "uses a custom scope" do
68
- mocked_signet = double "Signet::OAuth2::Client"
69
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
70
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
71
- allow(mocked_signet).to receive(:client_id)
72
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
73
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
74
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
75
- expect(options[:scope]).to eq(["http://example.com/scope"])
76
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
77
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
78
-
79
- mocked_signet
80
- end
81
-
82
- Google::Auth::Credentials.new default_keyfile_hash, scope: "http://example.com/scope"
83
- end
84
-
85
- describe "using CONSTANTS" do
86
- it "can be subclassed to pass in other env paths" do
87
- test_path_env_val = "/unknown/path/to/file.txt".freeze
88
- test_json_env_val = JSON.generate default_keyfile_hash
89
-
90
- ENV["TEST_PATH"] = test_path_env_val
91
- ENV["TEST_JSON_VARS"] = test_json_env_val
92
-
93
- class TestCredentials1 < Google::Auth::Credentials
94
- TOKEN_CREDENTIAL_URI = "https://example.com/token".freeze
95
- AUDIENCE = "https://example.com/audience".freeze
96
- SCOPE = "http://example.com/scope".freeze
97
- PATH_ENV_VARS = ["TEST_PATH"].freeze
98
- JSON_ENV_VARS = ["TEST_JSON_VARS"].freeze
99
- end
100
-
101
- allow(::File).to receive(:file?).with(test_path_env_val) { false }
102
- allow(::File).to receive(:file?).with(test_json_env_val) { false }
103
-
104
- mocked_signet = double "Signet::OAuth2::Client"
105
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
106
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
107
- allow(mocked_signet).to receive(:client_id)
108
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
109
- expect(options[:token_credential_uri]).to eq("https://example.com/token")
110
- expect(options[:audience]).to eq("https://example.com/audience")
111
- expect(options[:scope]).to eq(["http://example.com/scope"])
112
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
113
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
114
-
115
- mocked_signet
116
- end
117
-
118
- creds = TestCredentials1.default
119
- expect(creds).to be_a_kind_of(TestCredentials1)
120
- expect(creds.client).to eq(mocked_signet)
121
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
122
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
123
- end
124
-
125
- it "subclasses can use PATH_ENV_VARS to get keyfile path" do
126
- class TestCredentials2 < Google::Auth::Credentials
127
- SCOPE = "http://example.com/scope".freeze
128
- PATH_ENV_VARS = %w[PATH_ENV_DUMMY PATH_ENV_TEST].freeze
129
- JSON_ENV_VARS = ["JSON_ENV_DUMMY"].freeze
130
- DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
131
- end
132
-
133
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
134
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
135
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
136
- allow(::ENV).to receive(:[]).with("PATH_ENV_TEST") { "/unknown/path/to/file.txt" }
137
- allow(::File).to receive(:file?).with("/unknown/path/to/file.txt") { true }
138
- allow(::File).to receive(:read).with("/unknown/path/to/file.txt") { JSON.generate default_keyfile_hash }
139
-
140
- mocked_signet = double "Signet::OAuth2::Client"
141
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
142
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
143
- allow(mocked_signet).to receive(:client_id)
144
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
145
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
146
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
147
- expect(options[:scope]).to eq(["http://example.com/scope"])
148
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
149
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
150
-
151
- mocked_signet
152
- end
153
-
154
- creds = TestCredentials2.default
155
- expect(creds).to be_a_kind_of(TestCredentials2)
156
- expect(creds.client).to eq(mocked_signet)
157
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
158
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
159
- end
160
-
161
- it "subclasses can use JSON_ENV_VARS to get keyfile contents" do
162
- test_json_env_val = JSON.generate default_keyfile_hash
163
-
164
- class TestCredentials3 < Google::Auth::Credentials
165
- SCOPE = "http://example.com/scope".freeze
166
- PATH_ENV_VARS = ["PATH_ENV_DUMMY"].freeze
167
- JSON_ENV_VARS = %w[JSON_ENV_DUMMY JSON_ENV_TEST].freeze
168
- DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
169
- end
170
-
171
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
172
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
173
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
174
- allow(::File).to receive(:file?).with(test_json_env_val) { false }
175
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
176
- allow(::ENV).to receive(:[]).with("JSON_ENV_TEST") { test_json_env_val }
177
-
178
- mocked_signet = double "Signet::OAuth2::Client"
179
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
180
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
181
- allow(mocked_signet).to receive(:client_id)
182
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
183
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
184
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
185
- expect(options[:scope]).to eq(["http://example.com/scope"])
186
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
187
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
188
-
189
- mocked_signet
190
- end
191
-
192
- creds = TestCredentials3.default
193
- expect(creds).to be_a_kind_of(TestCredentials3)
194
- expect(creds.client).to eq(mocked_signet)
195
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
196
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
197
- end
198
-
199
- it "subclasses can use DEFAULT_PATHS to get keyfile path" do
200
- class TestCredentials4 < Google::Auth::Credentials
201
- SCOPE = "http://example.com/scope".freeze
202
- PATH_ENV_VARS = ["PATH_ENV_DUMMY"].freeze
203
- JSON_ENV_VARS = ["JSON_ENV_DUMMY"].freeze
204
- DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
205
- end
206
-
207
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
208
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
209
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
210
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
211
- allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { true }
212
- allow(::File).to receive(:read).with("~/default/path/to/file.txt") { JSON.generate default_keyfile_hash }
213
-
214
- mocked_signet = double "Signet::OAuth2::Client"
215
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
216
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
217
- allow(mocked_signet).to receive(:client_id)
218
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
219
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
220
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
221
- expect(options[:scope]).to eq(["http://example.com/scope"])
222
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
223
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
224
-
225
- mocked_signet
226
- end
227
-
228
- creds = TestCredentials4.default
229
- expect(creds).to be_a_kind_of(TestCredentials4)
230
- expect(creds.client).to eq(mocked_signet)
231
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
232
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
233
- end
234
-
235
- it "subclasses that find no matches default to Google::Auth.get_application_default" do
236
- class TestCredentials5 < Google::Auth::Credentials
237
- SCOPE = "http://example.com/scope".freeze
238
- PATH_ENV_VARS = ["PATH_ENV_DUMMY"].freeze
239
- JSON_ENV_VARS = ["JSON_ENV_DUMMY"].freeze
240
- DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
241
- end
242
-
243
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
244
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
245
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
246
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
247
- allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { false }
248
-
249
- mocked_signet = double "Signet::OAuth2::Client"
250
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
251
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
252
- allow(mocked_signet).to receive(:client_id)
253
- allow(Google::Auth).to receive(:get_application_default) do |scope|
254
- expect(scope).to eq([TestCredentials5::SCOPE])
255
-
256
- # This should really be a Signet::OAuth2::Client object,
257
- # but mocking is making that difficult, so return a valid hash instead.
258
- default_keyfile_hash
259
- end
260
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
261
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
262
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
263
- expect(options[:scope]).to eq(["http://example.com/scope"])
264
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
265
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
266
-
267
- mocked_signet
268
- end
269
-
270
- creds = TestCredentials5.default
271
- expect(creds).to be_a_kind_of(TestCredentials5)
272
- expect(creds.client).to eq(mocked_signet)
273
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
274
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
275
- end
276
- end
277
-
278
- describe "using class methods" do
279
- it "can be subclassed to pass in other env paths" do
280
- test_path_env_val = "/unknown/path/to/file.txt".freeze
281
- test_json_env_val = JSON.generate default_keyfile_hash
282
-
283
- ENV["TEST_PATH"] = test_path_env_val
284
- ENV["TEST_JSON_VARS"] = test_json_env_val
285
-
286
- class TestCredentials11 < Google::Auth::Credentials
287
- self.token_credential_uri = "https://example.com/token"
288
- self.audience = "https://example.com/audience"
289
- self.scope = "http://example.com/scope"
290
- self.env_vars = ["TEST_PATH", "TEST_JSON_VARS"]
291
- end
292
-
293
- allow(::File).to receive(:file?).with(test_path_env_val) { false }
294
- allow(::File).to receive(:file?).with(test_json_env_val) { false }
295
-
296
- mocked_signet = double "Signet::OAuth2::Client"
297
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
298
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
299
- allow(mocked_signet).to receive(:client_id)
300
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
301
- expect(options[:token_credential_uri]).to eq("https://example.com/token")
302
- expect(options[:audience]).to eq("https://example.com/audience")
303
- expect(options[:scope]).to eq(["http://example.com/scope"])
304
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
305
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
306
-
307
- mocked_signet
308
- end
309
-
310
- creds = TestCredentials11.default
311
- expect(creds).to be_a_kind_of(TestCredentials11)
312
- expect(creds.client).to eq(mocked_signet)
313
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
314
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
315
- end
316
-
317
- it "subclasses can use PATH_ENV_VARS to get keyfile path" do
318
- class TestCredentials12 < Google::Auth::Credentials
319
- self.scope = "http://example.com/scope"
320
- self.env_vars = %w[PATH_ENV_DUMMY PATH_ENV_TEST JSON_ENV_DUMMY]
321
- self.paths = ["~/default/path/to/file.txt"]
322
- end
323
-
324
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
325
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
326
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
327
- allow(::ENV).to receive(:[]).with("PATH_ENV_TEST") { "/unknown/path/to/file.txt" }
328
- allow(::File).to receive(:file?).with("/unknown/path/to/file.txt") { true }
329
- allow(::File).to receive(:read).with("/unknown/path/to/file.txt") { JSON.generate default_keyfile_hash }
330
-
331
- mocked_signet = double "Signet::OAuth2::Client"
332
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
333
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
334
- allow(mocked_signet).to receive(:client_id)
335
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
336
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
337
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
338
- expect(options[:scope]).to eq(["http://example.com/scope"])
339
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
340
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
341
-
342
- mocked_signet
343
- end
344
-
345
- creds = TestCredentials12.default
346
- expect(creds).to be_a_kind_of(TestCredentials12)
347
- expect(creds.client).to eq(mocked_signet)
348
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
349
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
350
- end
351
-
352
- it "subclasses can use JSON_ENV_VARS to get keyfile contents" do
353
- test_json_env_val = JSON.generate default_keyfile_hash
354
-
355
- class TestCredentials13 < Google::Auth::Credentials
356
- self.scope = "http://example.com/scope"
357
- self.env_vars = %w[PATH_ENV_DUMMY JSON_ENV_DUMMY JSON_ENV_TEST]
358
- self.paths = ["~/default/path/to/file.txt"]
359
- end
360
-
361
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
362
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
363
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
364
- allow(::File).to receive(:file?).with(test_json_env_val) { false }
365
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
366
- allow(::ENV).to receive(:[]).with("JSON_ENV_TEST") { test_json_env_val }
367
-
368
- mocked_signet = double "Signet::OAuth2::Client"
369
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
370
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
371
- allow(mocked_signet).to receive(:client_id)
372
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
373
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
374
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
375
- expect(options[:scope]).to eq(["http://example.com/scope"])
376
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
377
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
378
-
379
- mocked_signet
380
- end
381
-
382
- creds = TestCredentials13.default
383
- expect(creds).to be_a_kind_of(TestCredentials13)
384
- expect(creds.client).to eq(mocked_signet)
385
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
386
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
387
- end
388
-
389
- it "subclasses can use DEFAULT_PATHS to get keyfile path" do
390
- class TestCredentials14 < Google::Auth::Credentials
391
- self.scope = "http://example.com/scope"
392
- self.env_vars = %w[PATH_ENV_DUMMY JSON_ENV_DUMMY]
393
- self.paths = ["~/default/path/to/file.txt"]
394
- end
395
-
396
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
397
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
398
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
399
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
400
- allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { true }
401
- allow(::File).to receive(:read).with("~/default/path/to/file.txt") { JSON.generate default_keyfile_hash }
402
-
403
- mocked_signet = double "Signet::OAuth2::Client"
404
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
405
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
406
- allow(mocked_signet).to receive(:client_id)
407
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
408
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
409
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
410
- expect(options[:scope]).to eq(["http://example.com/scope"])
411
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
412
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
413
-
414
- mocked_signet
415
- end
416
-
417
- creds = TestCredentials14.default
418
- expect(creds).to be_a_kind_of(TestCredentials14)
419
- expect(creds.client).to eq(mocked_signet)
420
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
421
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
422
- end
423
-
424
- it "subclasses that find no matches default to Google::Auth.get_application_default" do
425
- class TestCredentials15 < Google::Auth::Credentials
426
- self.scope = "http://example.com/scope"
427
- self.env_vars = %w[PATH_ENV_DUMMY JSON_ENV_DUMMY]
428
- self.paths = ["~/default/path/to/file.txt"]
429
- end
430
-
431
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
432
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
433
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
434
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
435
- allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { false }
436
-
437
- mocked_signet = double "Signet::OAuth2::Client"
438
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
439
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
440
- allow(mocked_signet).to receive(:client_id)
441
- allow(Google::Auth).to receive(:get_application_default) do |scope|
442
- expect(scope).to eq(TestCredentials15.scope)
443
-
444
- # This should really be a Signet::OAuth2::Client object,
445
- # but mocking is making that difficult, so return a valid hash instead.
446
- default_keyfile_hash
447
- end
448
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
449
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
450
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
451
- expect(options[:scope]).to eq(["http://example.com/scope"])
452
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
453
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
454
-
455
- mocked_signet
456
- end
457
-
458
- creds = TestCredentials15.default
459
- expect(creds).to be_a_kind_of(TestCredentials15)
460
- expect(creds.client).to eq(mocked_signet)
461
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
462
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
463
- end
464
- end
465
-
466
- it "warns when cloud sdk credentials are used" do
467
- mocked_signet = double "Signet::OAuth2::Client"
468
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
469
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
470
- allow(Signet::OAuth2::Client).to receive(:new) do |_options|
471
- mocked_signet
472
- end
473
- allow(mocked_signet).to receive(:client_id).and_return(Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID)
474
- expect { Google::Auth::Credentials.new default_keyfile_hash }.to output(
475
- Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
476
- ).to_stderr
477
- end
478
- end